我尝试为我的项目实现ASP.NET基于角色的授权,但我从未发现cookie已保存在客户端浏览器中。我尝试了一些测试代码,如
RolePrincipal rolePrincipal = new RolePrincipal(new GenericIdentity("a"));
string text1 = rolePrincipal.ToEncryptedTicket();
在这个简单的RolePrincipal对象中没有角色,Roles.CookieProtectionValue设置为'none'。但是text1的长度是4,688,大于4,096,因此无法将cookie推送到客户端浏览器中。
没有意义,否则无法使用cookie来缓存角色。
它出了什么问题?
由于
这是web.config中的相关部分
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" name=".TestAUTH"/>
</authentication>
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
<profile>
<providers>
<clear/>
<add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" />
</providers>
</profile>
<roleManager enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
答案 0 :(得分:0)
尝试添加默认提供程序,因此:
<roleManager enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
到此:
<roleManager defaultProvider="AspNetSqlRoleProvider" enabled="true" cookieName=".TestROLE" cookieProtection="None" cacheRolesInCookie="true" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="false" >
<providers>
<clear/>
<add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
<!--<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />-->
</providers>
</roleManager>
答案 1 :(得分:0)
不幸的是,这是由于.NET 4.5中底层类型的变化而设计的。您可以关闭在cookie中存储用户角色以防止此问题(http://msdn.microsoft.com/en-us/library/system.web.security.roles.cacherolesincookie.aspx)。
答案 2 :(得分:-1)